To learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.

Blogs

Bifrozt - A high interaction honeypot solution for Linux based systems.

A few days ago I was contacted by our CPRO, Leon van der Eijk, and asked to write a blog post about my own project called Bifrozt; something which I was more than happy to do. :) This post will explain what Bifrozt is, how this got started, the overall status of the project and what will happen further down the road.


What is Bifrozt?

Beeswarm - active deceptions made easy

Finally we can announce with great pleasure the first public beta of the Beeswarm project.
Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The project differentiates itself by two key items:

  • Active deceptions
  • Simplicity and ease of use

Active deceptions

Global Glastopf statistics for June 2014

During the month of June the following information was obtained from Glastopf installations worldwide

Geographical spread

worldmap_201406

10 most popular injected files during the period

Short introduction to RFI:

Get STIX Reports from ICS Honeypot Conpot

The team working on the ICS/SCADA honeypot Conpot, just merged in a more mature support for STIX (Structured Threat Information eXpression) formatted reporting via TAXII (Trusted Automated eXchange of Indicator Information) into the master branch on Github.

Outsmarting the smart meter

The Conpot team recently introduced what we call the proxy module. Basically we forward the traffic from one service in Conpot to a service running on a real piece of hardware. This is a very successful technique when figuring out a unknown hardware or protocol. Next step then is to decode the messages logged in the proxy module. Most of this step is done by studying books of specifications, leaked manuals and offensive tools. This then gives us insight into the protocol, the commands sent and responses generated.

New release of HoneyDrive; the honeypot bundle Linux distro

It is my great pleasure to announce that HoneyDrive 3 is here, codenamed Royal Jelly!

For those in need of a more official description or for people that haven’t heard of HoneyDrive before, here is one:

Vagrant configuration for Thug honeyclient

Vagrant and Docker and wonderful tools that enable security practitioners to easily dive into the DevOps world and use them for InfoSec projects. Continuing from the previous blog post Thug in 5 minutes, here is a Vagrant configuration to setup Thug honeyclient.

Global Glastopf statistics for May 2014

During the month of May the following information was obtained from Glastopf installations worldwide

Number of alert for the period: 1859863

Filenames (RFI) - 10 most popular during the period:

Hash: Hits:
48101bbdd897877cc62b8704a293a436 2425
4997ed27142837860014e946eed96124 2050
d070c4cccf556b9da81da1e2de3cba54 644
3cc11c8fa7e3e36f0164bdcae9de78ec 330

Global Glastopf statistics for April 2014

During the month of April the following information was obtained from Glastopf installations worldwide

Number of alert for the period: 1325919

Filenames (RFI) - 10 most common during the period:

Hash: Hits:
F8a4da2e35b840891335d90cb48a6660
b8cbfe520d4c2d8961de557ae7211cd2 1072
3cc11c8fa7e3e36f0164bdcae9de78ec 998
7de0bcb903eaba7881c6d03a8c7769a8 682

Thug 0.5 and KYT paper

Thug 0.4.0 was released on June, 8th 2012 and a huge number of really important features were added since then. During the last two years I had a lot of fun thinking and designing the future of the project and I'm really proud of what Thug is now. I have to thank a lot of persons who contributed with their suggestions, ideas, bug reports and sometimes patches. You know who you are. Really thanks!

Syndicate content